Hi Parvees,

Interesting..... Thank you for explaining.

Regards
Anantha Subramanian Natarajan

On Wed, Mar 10, 2010 at 4:54 AM, Parvees M <[email protected]> wrote:
> Hi Anantha,
>
> There are some applications which use a different port / different protocol on
> the return communication, and if we use the "established" command on the ASA you
> will be able to find the "P" entry in the connection flags.
>
> "The established command lets you permit return access for outbound
> connections through the security appliance. This command works with an
> original connection that is outbound from a network and protected by the
> security appliance and a return connection that is inbound between the same
> two devices on an external host. The established command lets you specify
> the destination port that is used for connection lookups. This addition
> allows more control over the command and provides support for protocols
> where the destination port is known, but the source port is unknown. The
> permitto and permitfrom keywords define the return inbound connection."
>
> If an internal system makes a TCP connection to an external host on port
> 4000, then the external host could come back in on any port using any
> protocol:
>
> hostname(config)# established tcp 4000 0
>
> So in this case, if you check the show connection, the application traffic
> will be marked as "P" in the show connection.
>
> HTH
>
> With best regards,
>
> Parvees M Davida
> CCIE Security (Q), CCNP, CISSP
> System Engineer - Network
>
> eHosting Datafort
> Dubai Technology and Media Free Zone
> P.O. Box 500006, Dubai Internet City, Dubai - UAE
> <http://www.ehdf.com/>
> +971 4 3913041, +971 55 9156358, +971 4 3913050
>
> On Wed, Mar 10, 2010 at 11:25 AM, Brandon Carroll <[email protected]> wrote:
>> P (p is unused) is set on connections which are dynamically opened
>> (usually due to a PORT command on the FTP command channel). These
>> connections can only be used by the inside host. If the outside host
>> tries to use this connection, it will be denied.
>>
>> This information comes from a contact at Cisco TAC and he is not aware
>> of any documentation explaining it.
>>
>> Hope that helps.
>>
>> Regards,
>>
>> Brandon Carroll - CCIE #23837
>> Senior Technical Instructor - IPexpert
>> Mailto: [email protected]
>> Telephone: +1.810.326.1444
>> Live Assistance, Please visit: www.ipexpert.com/chat
>> eFax: +1.810.454.0130
>>
>> IPexpert is a premier provider of Self-Study Workbooks, Video on
>> Demand, Audio Tools, Online Hardware Rental and Classroom Training for
>> the Cisco CCIE (R&S, Voice, Security & Service Provider)
>> certification(s) with training locations throughout the United States,
>> Europe, South Asia and Australia. Be sure to visit our online
>> communities at www.ipexpert.com/communities and our public website at
>> www.ipexpert.com
>>
>> On Tue, Mar 9, 2010 at 7:52 PM, Anantha Subramanian Natarajan <[email protected]> wrote:
>> > Hi All,
>> >
>> > I am going through the "show conn" flag definitions and one of the flags, P,
>> > is described as "Inside back connection". What does that mean?
>> >
>> > Thanks for the help
>> >
>> > Regards
>> > Anantha Subramanian Natarajan
>> >
>> > _______________________________________________
>> > For more information regarding industry leading CCIE Lab training, please
>> > visit www.ipexpert.com
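The thread explains two things a firewall administrator would want to check on their own ASA: which live connections carry the "P" (inside back connection) flag in `show conn`, and whether an `established` command was written in the wide-open form (`established tcp 4000 0`, any return port and protocol) or narrowed with `permitto`/`permitfrom`. The script below is an added example and is not code from the thread, from Cisco or from IPexpert. It parses a constructed `show conn` listing whose line layout is an assumption modelled on 8.x-era output (real output differs between versions), decodes the flag letters, and audits a constructed list of `established` lines. The flag meanings other than "P" and the rule that an omitted source port means "any" are taken from the generally documented ASA behaviour and are marked as such in the code.

```python
import re
from dataclasses import dataclass

# Subset of ASA "show conn" flag letters. "P" is the flag discussed in the
# thread; the other entries follow the commonly published flag legend and are
# here only so decoded output is readable (assumption, not from the thread).
FLAG_MEANINGS = {
    "U": "up",
    "I": "inbound data",
    "O": "outbound data",
    "B": "initial SYN from outside",
    "D": "DNS",
    "P": "inside back connection",
}

# Constructed sample "show conn" output. The column layout is an assumption
# modelled on ASA 8.x; adjust CONN_RE for the version you run.
SAMPLE_SHOW_CONN = """\
TCP outside 203.0.113.10:4000 inside 192.168.1.20:51234, idle 0:00:03, bytes 8192, flags UIO
TCP outside 203.0.113.10:5555 inside 192.168.1.20:4001, idle 0:00:01, bytes 512, flags UIOP
UDP outside 203.0.113.53:53 inside 192.168.1.20:40000, idle 0:00:10, bytes 120, flags D
TCP outside 203.0.113.77:2222 inside 192.168.1.30:4001, idle 0:00:07, bytes 64, flags UP
"""

CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<out_if>\S+)\s+(?P<out_addr>[^\s,]+)\s+"
    r"(?P<in_if>\S+)\s+(?P<in_addr>[^\s,]+),.*?flags\s+(?P<flags>\S+)\s*$"
)


@dataclass
class Conn:
    proto: str
    outside: str   # outside host:port
    inside: str    # inside host:port
    flags: str     # raw flag letters, e.g. "UIOP"

    def decoded_flags(self):
        """Expand each flag letter into its meaning (unknown letters kept)."""
        return [FLAG_MEANINGS.get(f, f"unknown({f})") for f in self.flags]

    @property
    def is_inside_back_connection(self):
        return "P" in self.flags


def parse_show_conn(text):
    """Parse every line that matches the assumed layout; skip the rest."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            conns.append(Conn(m["proto"], m["out_addr"], m["in_addr"], m["flags"]))
    return conns


def inside_back_connections(text):
    """Connections the ASA marked "P": return flows opened for an inside host."""
    return [c for c in parse_show_conn(text) if c.is_inside_back_connection]


# established {tcp|udp} dest_port [source_port] [permitto ...] [permitfrom ...]
ESTABLISHED_RE = re.compile(
    r"^established\s+(?P<proto>tcp|udp)\s+(?P<dport>\d+)"
    r"(?:\s+(?P<sport>\d+))?(?P<rest>.*)$"
)

# Constructed configuration excerpt: the broad form from the thread beside a
# version narrowed with permitto/permitfrom (port numbers are made up).
SAMPLE_CONFIG = [
    "established tcp 4000 0",
    "established tcp 4000 0 permitto tcp 4001 permitfrom tcp 4000",
    "access-list outside_in extended deny ip any any",
]


def audit_established(config_lines):
    """Report each established line and whether its return path is scoped.

    An entry is "scoped" only if it carries permitto or permitfrom; a source
    port of 0 (or omitted, which is assumed to default to 0) combined with
    neither keyword permits the return connection on any port and protocol,
    as the thread describes.
    """
    findings = []
    for line in config_lines:
        m = ESTABLISHED_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        scoped = "permitto" in rest or "permitfrom" in rest
        findings.append({
            "line": line.strip(),
            "dest_port": int(m["dport"]),
            "source_port": int(m["sport"] or 0),
            "scoped": scoped,
        })
    return findings


if __name__ == "__main__":
    for c in inside_back_connections(SAMPLE_SHOW_CONN):
        print(f"{c.proto} {c.outside} -> {c.inside}: {', '.join(c.decoded_flags())}")
    for f in audit_established(SAMPLE_CONFIG):
        print(f"{'scoped' if f['scoped'] else 'BROAD '}  {f['line']}")
```

Running the script lists the two "P" connections from the sample and marks the first `established` line as broad and the second as scoped. On a real device, paste the output of `show conn` and `show running-config established` in place of the constructed samples; any "P" flow whose outside peer you cannot account for is worth matching against the `established` entry that opened it.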
